CONTENT CERTIFICATION

Reference to Related Applications
This application relates to pending U.S. application Serial No.
09/248,370, entitled "Content Certification", filed on February 8, 1999 and U.S.
Provisional Application Number 60/153,901 filed September 14, 1999. These
applications are incorporated by reference in their entirety herein.

Background of the Invention
The Internet and the World Wide Web have made information
dissemination fast, easy, and cheap. Postings from both businesses and
individuals have contributed to the wealth of available information.
Unfortunately, the available information is sometimes of dubious value. For
example, in 1998 a news agency accidentally posted a pre-written obituary of
Bob Hope on its Web-site. Congress held a moment of silence in his honor. The
report of Mr. Hope's demise, however, was greatly exaggerated. Other Internet
postings have been less innocuous such as the accidental pre-release of economic
data by the U.S. Bureau of Labor and Statistics.

In addition to accidental postings, some information available on the
Internet, purporting to be from official sources, includes intentionally fabricated
data or malicious statements. As a result users tend to be somewhat skeptical of
information accessed from the Internet. Additionally, some businesses, wary of
potential liability or embarrassment, have begun to err on the side of safety and
withhold information from Internet publication. These factors combine to reduce
the effectiveness of the Internet as a communication medium.

Summary of the Invention
In general, in one aspect, a method of processing content includes
storing verification information corresponding to certified content at a first
computer and receiving a verification request corresponding to content from a
second computer. The method determines verification information for the content
corresponding to the verification request and compares the determined
verification information with the stored verification information.

Embodiments may include one or more of the following features. The
method may feature receiving content certification criteria that can be used to
determine whether content should be certified. The content certification criteria
can be a list of required approval or programmed logic. The method may also
feature storing certification information (e.g., a type of certification granted,
entities approving certification, and when the content was certified). The
verification information can include information derived from the content such as
at least one hash key.

The verification request can include a URL. This can enable
determination of verification information by collecting content from the URL
included in the verification request.

The verification request can include content. This can enable
determination of verification information by determining verification information
for the content included in the verification request.

The verification request can include verification information. This
can enable determination of verification information by merely using information
included in the verification request.

Receiving a verification request may be produced by user interaction
with a certification indicator, for example, a certification indicator included in the
content. The certification indicator can include a graphic image having associated
instructions that produce a verification request. The method may further include
transmitting certification information to the second computer.

The content may include graphics, text, animation, sound, and
instructions. The content may form a web-page.

The comparing may include issuing verification requests to connected
certification servers.

In general, in another aspect, a method includes presenting an
indication that content is certified and receiving user input requesting
certification verification of the content. The method further includes transmitting
a certification verification request to a certification server and receiving
information indicating whether the content has actually been certified.

Embodiments may include one or more of the following features.
Presenting an indication may include presenting a user interface control. The
method may further include displaying information included in the information
received (e.g., content authorship, revision number, expiration date, and type of
certification).

Transmitting a certification verification request may include
transmitting verification information determined from the content such as one or
more hash keys. Transmitting a certification verification request may include
transmitting information included in the content.

Transmitting a certification verification may include transmitting a URL.

In general, in another aspect, a method of controlling content
distribution includes receiving certification criteria for content to be distributed,
identifying content to be distributed, and determining whether the identified
content satisfies the received certification criteria.

Embodiments may include one or more of the following features.
Identifying content may include receiving a request for content at a server.
Identifying content may include collecting content from a set of locations.
Determining whether the content satisfies the certification criteria may include
identifying at least one digital signature associated with the content and/or
determining verification information (e.g., a hash key) for the content.

Advantages may include one or more of the following features. The
techniques provide users with a simple and intuitive method of verifying that
content (e.g., a web-page) has been certified by an organization. Verification can
be a mouse-click away when content includes a certification indicator.
Underlying mechanisms protect the verification process from falsification and
tampering. These mechanisms enable users to trust the authenticity of displayed
content.

The techniques also enable an organization to carefully define
certification procedures that content must undergo before certification and
distribution. Automating these certification procedures enables an organization
to vigilantly control the quality and reliability of information provided.
Different implementation architectures permit distribution of
certification functions across different computers, potentially speeding
certification verification.

Other advantages of the invention will become apparent in view of the
following description, including the figures, and the claims.

Brief Description of the Drawings
FIG. 1 is a screenshot of content that includes a certification indicator.
FIG. 2 is a screenshot of information that verifies content certification.
FIG. 3 is a flowchart of a process for certifying content.
FIG. 4 is a flow diagram of a certification and certification
verification of content.
FIG. 5 is a flowchart of a certification procedure.
FIG. 6 is a block diagram of a certification scheme.
FIGS. 7A and 7B are screenshots of user interfaces for submitting
content for certification.
FIG. 8 is a flow diagram of content certification.
FIG. 9 is a flowchart of content certification.
FIG. 10 is a diagram of information stored at a certification server.
FIG. 11 is a diagram of digital signature blocks issued for certified
content.
FIG. 12 is a block diagram of a certification server and certified
content.
FIGS. 13-14 are flowcharts of processes for monitoring posted
content.
FIGS. 15-16 are screenshots of graphical user interfaces that include
certification indicators.
FIG. 17 is a diagram of a certification verification request.
FIGS. 18-22 are flowcharts of processes for certification verification.
FIG. 23 is a flowchart of a process for creating multiple certification
servers.
FIG. 24 is a block diagram of a hierarchy of certification servers.
FIG. 25 is a flowchart of a certification verification process using
multiple certification servers.
FIG. 26 is a block diagram of franchisee certification servers.
FIG. 27 is a flowchart of a process for transmitting content to a
franchisee server.
FIG. 28 is a flowchart of a process for updating content offered by a
franchisee server.
FIG. 29 is a screenshot of a browser's display of an Internet page.
FIGS. 30-36 are screenshots of different persistent displays that notify
a user whether content is certified.
FIGS. 37, 39, 41, and 43 are diagrams of systems for validating
content certification.
FIGS. 38, 40, and 44 are flowcharts of processes for validating
content certification.
FIG. 42 is a diagram of a manifest of web-page contents.
FIG. 45 is a diagram of a certification server and a validation server.

Description of the Preferred Embodiments

Introduction

Referring to FIG. 1, a browser's graphical user interface 100 (e.g.,
Netscape™ Navigator™) presents content 104 provided by a resource (e.g., a file)
at a URL (Universal Resource Locator) 102. The content 104 can include
graphics, text, animation, sound, instructions (e.g., Java Applets), etc. A URL
102 can refer to a location on a remote computer that stores the content 104 as
data and presentation instructions. The presentation instructions and data can be
in a variety of formats such as HTML (HyperText Markup Language), XML
(Extensible Markup Language), PDF (Portable Document Format), JPEG (Joint
Photographic Experts Group), and MPEG (Moving Picture Experts Group).
When a browser requests content 104 from a URL 102 resource, a remote
computer providing the resource can transmit the content 104 to a browser for
presentation. As shown, the browser is an independent application, however,
other applications (e.g., an e-mail program, a word processor, or a spread-sheet)
can incorporate functions traditionally performed by the browser.

As shown in FIG. 1, the browser display 100 includes a certification
indicator 106. The indicator 106 provides a simple method of ensuring that the
content 104 presented has undergone a certification process. Content 104 may
include one or more certification indicators 106 (e.g., "Certified by the Legal
Department" and "Certified by the Marketing Department"). As shown, the
indicator 106 is a user interface control that has a graphic image, however,
different implementations can present the control to a user as text, sounds, or by
using other user interface techniques. User selection of the indicator 106 (e.g.,
using a mouse or other pointing device to click on the graphic image) initiates a
certification verification process that can confirm that the content presented is the
same content that has undergone the certification process claimed by the
certification indicator 106.

Referring to FIG. 2, the certification verification process can produce
a window 108 that includes a display of information describing the content's 104
certification such as the entities that have approved the content 114, when such
approval occurred 116, the version number 118, etc. Other user interface
techniques can notify a user of certification. For example, a user interface can
play voice data provided by a person who certified the data (e.g., "This web-page
was approved by John Doe on February 8, 1999").

FIGS. 1 and 2 illustrate a simple and intuitive interface that ensures
presented content is genuine. Underlying mechanisms protect the verification
process from being falsified or mimicked. These mechanisms enable users to
trust the authenticity of displayed content and provide web administrators with a
tool for controlling content offered by a site.

Referring to FIG. 3, a certification process permits an entity (e.g.,
business, organization, or individual) to establish certification criteria 140. For
example, a business can list employees that must approve submitted content 142
before it receives certification. After certification and distribution 144 of content
(e.g., by posting the content on an Intranet, Extranet, or Internet site or emailing
the content to recipients), mechanisms can verify 146 that the content presented
to a user satisfies the criteria required for certification 140 and has not been
altered since certification. The process can then present certification information
such as the entities that approved the content. Thus, users can view unforgeable
information detailing the certification process undergone by content prior to
distribution.

Referring to FIG. 4, an illustrative implementation uses a certification
server 124 that includes instructions 126 for certifying submitted content 122.
The certification instructions 126 can enforce certification criteria (e.g., all
content must be approved by the legal department). The certification server 124
can include a database 128 for storing verification information determined from
certified content. The verification information includes data that identifies the
certified content such as a URL, compressed or uncompressed portions of the
content, and/or an assigned identification number. The verification information
may also include one or more hash keys (e.g., an MD5 hash and an SHA hash).
A hash key is produced by a one-way function and typically requires little storage
space (e.g., 160-bits). Hash keys are nearly guaranteed to be unique for any
given content.

The database 128 can also store certification information such as the
type of certification (e.g., the Legal Department), entities certifying the
document, when certification occurred, when certification expires, the version of
the certified content, etc. Certification information and verification information
are not mutually exclusive categories. A piece of data may be both certification
information and verification information.

As shown in FIG. 4, the certification server 124 also includes
instructions 132 for processing requests 134 for certification verification. To
verify certification, the instructions 132 can compare the verification information
130 stored during certification to verification information determined for the
content being verified. A match indicates the content has undergone a
certification process and has not been altered since. The certification server 124
can transmit information confirming certification of the content in question, for
example, by dynamically generating HTML instructions that include
certification information. An administrator can revoke certification by simply
deleting or altering information in the database 128.

Defining a Certification Procedure

Referring to FIG. 5, an organization can use an interface to define
different certifications 148 and criteria for granting the certifications 150 to
submitted content. The criteria can include a simple list of employees that must
approve submitted content. Criteria can also include programmed logic that tests
for satisfaction of different conditions. The ability to program criteria enables a
business to define certification processes that reflect a commitment to distributing
thoroughly reviewed content.

Referring to FIG. 6, one possible certification scheme 152 uses
different certification levels. As shown, the levels include site-wide certification
154, class certification 156-158, and individual certification 160-164. Each
defined certification can include its own granting criteria. For example, to obtain
site-wide certification, content must first receive certification from the Legal
Department 156, the Marketing Department 158, and the company's CEO 164.
Similarly, to receive Legal Department certification 156, at least two members of
the legal department and a text-scanning program that looks for certain phrases
must approve the content. As shown, the certification criteria can include
different levels of abstraction. For example, instead of requiring certification
from a particular named person, certification criteria can be more abstractly
expressed, for example, as a role 162 (e.g., chief attorney) within an organization.
This enables certification to continue as different persons fill positions.

The criteria for certification may include different levels of approval.
For example, Marketing Department certification 158 may only require that each
member of the marketing department receives content for review, while Legal
Department certification may require that each member affirmatively indicates
approval of the content. Additionally, certification may be sought for internal
(e.g., on an Intranet) or external publication (e.g., on the Internet). The criteria
for external publication can be stricter than the criteria for internal publication.

The scheme 152 shown forms a hierarchy between the different
certification levels 154-164. The hierarchical structure is a function of the
defined criteria and is not an inherent characteristic of schemes having different
certifications.

Content Certification 

Referring to FIGS. 7A and 7B, easy-to-use graphical user interfaces
shield users from the mechanics of submitting content for certification. For
example, as shown in FIG. 7A, a user can submit content via a password
protected web-page by dragging-and-dropping content onto one or more defined
certification controls 156, 158. A control 156, 158 receiving the content can
prepare and transmit a certification request indicating the content and the
certification desired. The certification controls 156, 158 presented can vary
depending on the person submitting content. Alternatively, as shown in FIG. 7B,
an application toolbar 171 can include a "Certify" button 173. Selecting the
button 173 can prepare and transmit a certification request for a document. The
user interfaces of FIG. 7A and 7B are merely illustrative and other differently
designed user interfaces could easily provide similar functions. Additionally, a
system need not provide a graphical user interface at all, for example, by using
e-mail to submit content for certification.

Referring to FIG. 8, a certification request 166 includes content 168
(or a reference to content) submitted for certification and other information 170
such as the certification desired (e.g., site-wide certification or Legal Department
certification), the content authors, and a proposed URL. The request 166 can also
include information such as a revision number, content keywords, title, etc. (not
shown).



WO 00/46681    PCT/US00/03489



SSL (Secure Socket Layer), S-HTTP (Secure Hypertext Transfer
Protocol), and other secure communications techniques can protect submitted
content from tampering during transmission. Additionally, a request 166 can
include one or more digital signatures (not shown) that enable a receiving
computer to authenticate the source of the message. While these features
enhance security and protect content from tampering en route to the certification
server, the certification process does not require these measures.

The certification server 124 can process certification requests. The
server 124 can distribute submitted content to individuals 172 that could
potentially provide approval needed for certification. For example, the server
124 can distribute content to all the members of the Legal Department when a
request is made for Legal Department certification. Workflow software, e-mail
daemons, and other techniques, potentially executing on computers other than the
certification server, can also distribute content to individuals for certification.

As shown in FIG. 8, after an entity 172 receives and reviews
submitted content 168, the entity 172 can notify the certification server 124 of its
approval by sending a certification message 174. The certification message 174
can include the submitted content 168 and other information 170 included in the
certification request. The message can also include information 174 that
describes the person transmitting the certification message 174a, the type of
certification granted 174b (e.g., a person can have the capacity to certify content
for both the marketing and the legal departments), and a level of approval 174c
(e.g., "for internal use only" or "for publication on the Internet"). The
certification message 174 may also include a digital signature 176 (e.g., a
Verisign™/W3C X.509 digital certificate) belonging to the individual submitting
the certification message 174 or may include information used by other
authentication techniques such as biometric authentication. As shown in FIG. 8,
the certification server 124 processes received certification messages 174 with
certifying instructions 126.

Referring to FIG. 9, in one implementation, the certifying instructions
126 authenticate 178 a certification message to ensure the person claiming to
have approved submitted content was, in fact, the person who produced the
certification message 174. After authentication 178, the instructions 126 can
determine 180 whether the certification message received satisfies the criteria for
the certification requested. For example, the instructions 126 can determine
whether John Doe's 172 certification message 174, alone or in combination with
previously received certification messages, is sufficient to obtain Legal
Department certification. If the received certification message 174 does not
satisfy the criteria, the instructions 126 can store the received certification and
await further certification messages. The process may store a hash for submitted
content awaiting further certification to ensure that subsequent certification is for
the same content as the certification already received. The process 126 can also
attempt to certify any links or other objects referenced by the content (e.g., using
W3C's manifest protocol).
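
The FIG. 9 handling of certification messages, together with the FIG. 6 Legal Department criteria (two department members plus a phrase scan), as an added Python example that is not code from the application. All names, the sample approvers and the flagged phrase are constructed; per-approver HMAC keys stand in for the X.509 signatures named in the text, and SHA-256 replaces the MD5 and SHA hashes.

```python
import hashlib
import hmac

# Constructed sample data. The shared HMAC keys are an assumption of this
# example; the text describes X.509 signatures or biometric authentication.
APPROVER_KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
LEGAL_DEPARTMENT = {"alice", "bob"}
FLAGGED_PHRASES = (b"guaranteed returns",)


def content_hash(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def sign_message(approver: str, certification: str, content: bytes) -> str:
    """Approver side: tag binding approver, certification type and content."""
    payload = f"{approver}|{certification}|{content_hash(content)}".encode()
    return hmac.new(APPROVER_KEYS[approver], payload, hashlib.sha256).hexdigest()


def legal_criteria(approvers: set, content: bytes) -> bool:
    """Programmed criteria: two Legal members and a clean phrase scan."""
    scan_passed = not any(p in content.lower() for p in FLAGGED_PHRASES)
    return scan_passed and len(approvers & LEGAL_DEPARTMENT) >= 2


class PendingCertification:
    """Server-side state for one certification request awaiting approvals."""

    def __init__(self, certification: str, content: bytes, criteria):
        self.certification = certification
        self.content = content
        # Hash stored while approvals are outstanding, so that every later
        # approval is known to cover exactly the same bytes.
        self.pending_hash = content_hash(content)
        self.criteria = criteria
        self.approvers = set()

    def receive(self, approver: str, content: bytes, tag: str) -> str:
        # Step 178: authenticate the certification message.
        if approver not in APPROVER_KEYS:
            return "rejected: unknown approver"
        expected = sign_message(approver, self.certification, content)
        if not hmac.compare_digest(expected, tag):
            return "rejected: authentication failed"
        # The approval must be for the content already under review.
        if content_hash(content) != self.pending_hash:
            return "rejected: content changed"
        self.approvers.add(approver)
        # Step 180: do the approvals received so far satisfy the criteria?
        if self.criteria(self.approvers, self.content):
            return "certified"
        return "pending"
```

An approval from someone outside the department is authenticated and recorded but does not count toward the two-member threshold, and content that fails the phrase scan stays pending no matter how many people approve it.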

If the received certification message satisfies certification criteria, the
instructions 126 can determine 184 verification information from the certified
content or other information provided. For example, the instructions 126 may
compute one or more hash keys from the certified content. In general, the
verification information can include any information that can be used to identify
the certified content.

After storing the content's certification and verification information in
the database 186, the instructions 126 can produce a digital signature 188 (e.g., a
W3C DSig (Digital Signature Group) compliant signature) for the content 188.
The digital signature 208 can include the computed hash 210, the content's URL
212, or any other verification or certification information (not shown).

After producing the digital signature 190, the instructions 126 can
determine 190 whether the content can be dynamically modified 192 to include
the digital signature. For example, HTML and XML permit dynamic insertion of
digital signatures into content (e.g., as header information or as a newly defined
tag). Inclusion of the digital signature in the content ensures that the digital
signature travels with the content instead of assuming the signature will remain
paired with the content during distribution. The instructions 126 can also
dynamically modify the content to include one or more certification indicators
106. The instructions 126 can store the digital signature(s) in its database. This
prevents database contents from being tampered with as any altered database
information will not match the digital signature(s) stored. Finally, the content
and digital signature(s) are distributed by storage at a URL 194, 196 or by
sending back the certified content to a submitting user for distribution (not
shown).

Referring to FIG. 10, the certification server database 130 includes
information corresponding to certified content. This information can include a
URL 199, one or more hash keys 200, certifications obtained 201, the certifiers
202, and a certification expiration date 203. The database 130 can also include
the location (if any) of previous 204 or later 205 content versions. When the
certification server 124 receives a certification verification request, the server 124
can determine whether a user has attempted to access the most recent version of a
document. The server 124 can automatically transmit the more recent version of
the document to the user. The database can include a wide variety of other
information 207 such as a portion of the content and/or a certification expiration
date. The database 130 can also include the location of different translations of
content and transmit a translation based on "Preferred Language" data included in
a certification verification request.

Referring to FIG. 11, after certification, multiple digital signatures
210a, 210b of different certifications may be associated with content. The
different digital signatures 210a, 210b may be encrypted and identified by an
encapsulating digital signature 208 of the certification server.

Referring to FIG. 12, after content certification, the certification
server 124 database 128 stores the verification information 130 corresponding to
certified content 168. Referring to FIG. 13, in addition to verifying certification
in response to verification requests, the certification process enables an
administrator to enforce minimum certification requirements for posted content.
For example, a site might define a policy that requires any content available via
the World Wide Web to have certification from both the Legal and Marketing
Departments. A process 300 can ensure available content meets these
requirements 306 by determining the certification possessed by content at each
URL 304 offered by a site. Determining content certification can include
identifying and verifying digital signatures stored at the URL. Alternatively, the
process 300 can determine verification information of a URL and compare the
determined verification information with verification information originally
stored during certification. Either technique ensures that employees or others do
not post content without receiving sufficient certification.

Referring to FIG. 14, enforcing certification criteria can instead occur
at a web-server processing content requests. After receiving a request for content
303, the web-server can determine 305 if the requested content has the
certification required for transmission 309. If not, the web-server can notify the
web-server administrator 307 that insufficiently certified content has been
requested indicating that a link or directory has indicated the presence of the
content on the server. This enables the administrator to quickly find content that
should not be posted at the site. The web-server can also store information that
specifically disavows certification for particular content.

Certification Verification 

Referring to FIG. 15, in one implementation, certification instructions
dynamically modify certified content to include one or more certification
indicators 106a, 106b. Referring to FIG. 16, certification indicators 106c, 106d
may instead be paired with a listing of certified URLs 107c, 107d, for example,
produced by a search engine. The certification indicators 106a, 106b may be
packaged (e.g., included in the same ActiveX control or Java applet) with a
corresponding URL 107a, 107b to prevent a certification indicator 107a, 107b
from accidental or intentional pairing with a different, potentially uncertified,
URL. Selecting an indicator 106, 106a, 106b can initiate a certification
verification process.

Referring to FIG. 17, initiation of the certification verification process
can include preparing and transmitting a certification verification request 221 to a
certification server. The request 221 can include, for example, the certification
claimed by a certification indicator 223 and verification information 225
determined from the content presented. The request may be encrypted to prevent
analysis. The request 221 may also include a portion of the content presented
227 for comparison to similar information stored in the certification server. This
can make "door-knob rattling" more difficult. That is, people wishing to find a
valid hash key cannot simply submit request after request with different hash
keys until one works. The request 221 can include other information such as the
URL of the content, etc.

Referring to FIGS. 18-22, certification verification can be
implemented in any number of ways. The techniques used to verify certification
can depend in part on functions provided by the browser (or other application)
presenting the content in question. For example, older browsers may not accept
or be able to process digital signatures. Additionally, a browser may not include
instructions for determining verification information (e.g., the ability to compute
an MD5 hash from presented content).

The different certification verification techniques, nevertheless, share
a general process 132. First, the procedures 132 determine verification
information (e.g., computing a hash or extracting verification information from a
digital signature) for content 220 being verified. When the determined
verification information matches 222, 224 the verification information originally
determined during certification, the procedures 132 can conclude that the content
satisfies certification criteria and has not been altered since certification. The
procedures 132 may also check to ensure certification has not expired and that a
more recent version of the document has not been certified.

After verifying certification, the procedures 132 can cause display of
verification and/or certification information such as the entities that certified a
document, when certification occurred, etc. Similarly, the procedure 132 can
notify a user if verification fails. The procedures 132 can also cause other
programmatic behavior to occur in addition to or in lieu of causing a display of
information. A small subset of possible implementations follows.

Referring to FIG. 19, if a browser has access to digital signature(s)
produced during certification and the ability to determine verification information
from content, the browser can extract the verification information from the digital
signature(s) 230, determine the verification information of the content in question
232, and compare the two 234. A match verifies the claimed certification 236.
This method does not require access to the certification server for certification
verification. However, access to the certification server enables a user to
determine if the content remains certified or has been replaced by a new version.

Referring to FIG. 20, if a browser does not have access to digital
signature(s) produced during certification but has the ability to determine
verification information, the browser can determine the verification information
for the content 240 (e.g., compute a hash) and send the determined verification
information to the certification server 242. The certification server can compare
244, 246 the determined verification information with the verification
information originally determined during certification. Again, if the two match,
the content's certification has been verified.

Referring to FIG. 21, in some cases, content may not display a
certification indicator. A user may, nevertheless, determine whether the content
received certification. In one implementation, the user can visit a certification
server web-site 252 and enter a URL for verification 254. Instructions on the
certification server can collect the content provided by the resource at the
identified URL, determine verification information from the collected content
256, and compare the determined verification information with stored verification
information of certified content. If the instructions find a match, the instructions
can transmit verification and/or certification information to the user.

WO 00/46681 PCT/US00/03489

Referring to FIG. 22, in another implementation, a user can simply
transmit content in question to the certification server 266 for certification
verification. The certification server determines verification information for the
content 268 and can compare 270 this verification information with verification
information stored in its database. If the certification server identifies a match
272, the certification server can transmit the verification and/or certification
information to a user for display 274.

Each of the implementations described above enables a user to
quickly determine whether presented content actually comes from an official
source. This enables a user to place greater reliance on the presented information
and can make the user more likely to return to a site. The implementations also
enable a content provider to closely scrutinize and guard the content it distributes.

Multiple Certification Servers 

Referring to FIG. 23, the previous discussion described a single
certification server. The techniques described can also be used with a network of
certification servers. Certification server instructions 322 can be transmitted to
different computers requesting 320 the instructions. Such transmission can occur
after financial arrangements have been settled. Additionally, authentication may
be performed by both the requesting and transmitting servers.

Referring to FIG. 24, certification servers may form a hierarchy 324.
For example, a root certification server 326 connects to different company
"Headquarter" certification servers. For example, server 328 may belong to
Honda while server 330 belongs to General Motors. Each of the headquarter
servers may connect to different divisions within a company. For example,
server 332 may belong to Honda Motorcycles while server 334 belongs to Honda
Automobiles. Although FIG. 24 illustrates a hierarchical relationship, other
certification server topologies are possible.

Hierarchically organized certification servers permit distribution of
server processing and storage over a number of computers without losing the
ability to verify content certified by any of the servers. Additionally, the
structure permits hierarchically higher servers to control functions performed by
lower servers. For example, a server can control whether another server is itself
able to make a request for certification software.

For example, referring to FIG. 25, a recursive procedure 336 can
quickly search each certification server to verify certification of content in
question. After receiving a verification request 338, a certification server can
check its own database 340 for verification information corresponding to the
verification request 338. If unable to find the verification information in its own
database, the server can issue a verification request to connected servers 344.
Eventually, a verification request will reach the server used for certification of the
content 342 or all servers will return an indication that no server has certified the
content in question.

Other procedures can go up the hierarchy rather than down. For
example, when a division certification server 332 receives a certification
verification request it cannot provide, the division server 332 can issue a
certification verification request to the headquarter's certification server 328.
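
The downward search of FIG. 25 and the upward variant just described, combined in one search over connected servers (an added example, not code from the application). SHA-256 as the hash, the record layout and the `asked` list that stops a server from being consulted twice are assumptions; the server names reuse the FIG. 24 example.

```python
import hashlib


def verification_info(content: bytes) -> str:
    # SHA-256 is an assumption; the text speaks only of "a hash".
    return hashlib.sha256(content).hexdigest()


class CertificationServer:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = []
        self.database = {}  # verification info -> certification record
        if parent is not None:
            parent.children.append(self)

    def certify(self, content: bytes, certified_by: str) -> str:
        """Store verification information for content certified on this server."""
        info = verification_info(content)
        self.database[info] = {"certified_by": certified_by}
        return info

    def connected(self):
        """Lower servers first (FIG. 25), then the server above (upward variant)."""
        above = [self.parent] if self.parent is not None else []
        return self.children + above

    def verify(self, info: str, asked=None):
        """Return (record, asked). record is None when no reachable server
        certified the content; asked lists the servers consulted, in order."""
        asked = [] if asked is None else asked
        if self.name in asked:
            return None, asked  # already consulted during this search
        asked.append(self.name)
        record = self.database.get(info)
        if record is not None:
            return {"server": self.name, **record}, asked
        for server in self.connected():
            found, _ = server.verify(info, asked)
            if found is not None:
                return found, asked
        return None, asked


def build_hierarchy():
    """The FIG. 24 example hierarchy."""
    root = CertificationServer("root 326")
    honda = CertificationServer("Honda headquarters 328", root)
    gm = CertificationServer("General Motors headquarters 330", root)
    moto = CertificationServer("Honda Motorcycles 332", honda)
    autos = CertificationServer("Honda Automobiles 334", honda)
    return root, honda, gm, moto, autos


if __name__ == "__main__":
    root, honda, gm, moto, autos = build_hierarchy()
    info = autos.certify(b"2000 model price list", "Honda Automobiles")  # constructed content
    print(moto.verify(info))
    print(moto.verify(verification_info(b"forged press release")))
```

Without the `asked` list, a request passed from a division to its headquarters would be passed straight back down to the same division and never terminate.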

Franchising 

A franchisor (e.g., a corporation or syndicate) often may want to
provide content for display on its franchisee's Web-sites. For example, General
Motors may want local dealerships to include a national sales advertisement.
Additionally, franchisees may want to download certified content describing new
products.

Referring to FIG. 26, a franchisor 350 (e.g., a corporation or
syndicate) can provide content to different franchisees 352, 354. Any given site
may act as both a franchisee and franchisor (not shown).

Referring to FIG. 27, after establishing a franchisor/franchisee
relationship, a proxy is established at the franchisee with which the franchisor can
communicate to manage content including refreshing and invalidating content.
Thereafter, a franchisee can request content from the franchisor 356. After
authenticating the franchisee's request 357, the franchisor can send the
content, digital signatures associated with the content, and verification
information determined for the content during certification 358. The franchisee
can store the downloaded information and provide the content to site visitors 360.

Referring to FIG. 28, a franchisor can control the content offered by
its franchisees. For example, to de-certify or update content, the franchisor can
download replacement content or the franchisor can mark the content in the
proxy invalid. When a franchisee receives a request for invalid content 364, the
franchisee requests updated content from the franchisor 366. The franchisor can
monitor the content offered by its franchisees by examining verification
information corresponding to the content or the content itself.

After downloading information from a franchisor to a franchisee Web-
server, visitors to the franchisee can view the downloaded content. The
franchisee proxy can automatically transmit a certification verification request
each time a visitor requests content.

Requests for content can be metered by the franchisee proxy. Thus, a
franchisor can receive reports regarding which franchisee sites reached the most
customers. Metering data can be used for analytical purposes or even as a way to
charge for use of content (e.g., for each web-page hit) or pay for its distribution.
For example, metering can be used as a way for franchisees to charge franchisors
for distribution of content, for example, by charging a small fee for each content
request.

Alerting Users of Content Validation

FIG. 29 again shows a web-page 1100 presented by an Internet
browser. A user viewing the page 1100 often must trust that the content-provider
stands behind the contents and/or that the contents have not been tampered with.
Sometimes this trust is misplaced. For example, someone may have posted the
content at the business' web-site without appropriate approval (e.g., undergoing
a certification process). Alternatively, some intermediate network node may have
intercepted content as it traveled across the Internet and replaced selected
portions.

This application describes techniques that enable a content provider to
certify content. This application also describes techniques for validating
certification of downloaded content. Such validation can include determining
content is not certified, determining content was altered after certification,
determining certification has expired, and/or determining certification has been
revoked. Such validation can also include determining and authenticating the
identities of entities claiming to have certified the content. As shown in FIGS.
30-36, these techniques have been embodied in a software program that can use
graphical indicators, sound, and other notification techniques to notify a user
whether downloaded content is certified content.

Display of Certification Status

A number of different mechanisms can notify users of whether
downloaded content is certified content. For example, FIGS. 30 and 31 show a
Microsoft® Windows 95 taskbar button 1104 and tray icon 1106 that change
appearances based on an attempt to validate certification of content displayed in an
active browser window. For example, the controls 1104, 1106 may notify a user
of the certification status (e.g., certified, uncertified, expired, revoked, etc.) of
content using text, graphics, color, and other display attributes. The appearance
of the controls 1104, 1106 may vary in different ways for different certification
statuses. For example, content that was never certified may cause the tray icon to
display a bright red skull and cross bones to alert a user, while content having
revoked certification may cause the tray icon to turn orange. The unobtrusive
placement of the controls 1104, 1106 provides real-time, continual, notification
of content certification without interfering with a user's normal browser
interaction.

FIGS. 32-35 show a number of other user notification techniques. For
example, FIG. 28 shows a window 1108 that displays a map 1110 of content
displayed by a browser. The map 1110 may include a logo (not shown) of the
site offering the content. The different appearances of map regions indicate the
certification status of content. For example, red portions may indicate uncertified
regions of a page, while white portions may indicate certified regions. The
window enables a user to quickly identify potentially uncertified content.

FIG. 33 shows a window 1112 that displays a tree of web-page
contents 1114-1120. Each node in the tree can correspond to a different content
(e.g., a node for a page's HTML and nodes for different GIF (Graphics
Interchange Format) pictures referred to by the page). Again, different display
attributes of tree nodes reflect the certification status of content. For example,
shaded node 1116 indicates that the picture for "Digests of Patent Opinions
Federal Circuit" has not been certified. The map of FIG. 32 and the tree of FIG.
33 can provide a user with a visual description of content certification, without
altering the browser's display of the page or otherwise altering the browser's
functions.

Other techniques, however, use browser-provided functions to provide
an indication of the certification status of content. For example, as shown in FIG.
34, a browser may be dynamically programmed to display the certification status
of content on a page as a user brushes the content with a cursor. For browsers not
offering this capability, this feature may be offered by continuously determining
cursor placement and displaying a window near the content. Alternatively, the
window may only be displayed when a user selects content, for example, by
clicking a mouse button on the content.

As shown in FIG. 35, software can also directly alter the display of
contents after determining the certification of different portions. For example, as
shown, the software can black-out 1114 uncertified content and/or alter the
display of content 1116 having expired certification. Depending on the browser,
this may require writing a downloaded page to a temporary file, modifying the
temporary file, and reloading the modified temporary file into the browser.

The embodiments described above can also provide more detailed
information about the certification of content. For example, by selecting the
system taskbar button 1104 in FIGS. 30 or 31, a dialog, as shown in FIG. 36, can
display detailed information about content. The detailed information can include
the certifying entity 1124, a graphic for the entity (e.g., a business trademark), the
trustworthiness of the page or content 1125, the URL (Universal Resource
Locator) or URI (Universal Resource Indicator) of the content 1127, the range of
dates the certification is valid 1128, and a "digital fingerprint" of the content
1129. The dialog may also display other information (not shown) such as the site
certificate of the web-site providing the page and potentially a text description of
the "Trust Policy" used by the site to certify content (e.g., "FactPoint, Inc. uses a
five person review board to certify content prior to posting").

Any of the visual techniques described above can be combined and/or
used in conjunction with non-visual techniques such as audio messages (e.g.,
"The picture of Abe Lincoln is untrustworthy"). Additionally, while the above
description described individual pages, the same techniques work equally well
with framed browser displays that display two or more pages simultaneously.

Underlying the displays shown in FIGS. 30-36 are certification
procedures that enable providers to certify posted content and validation
procedures that enable users to validate the certification of received content.

The Trust Validator

FIG. 37 shows a client 1136 browser 1140 downloading information
(i.e., page 1132) from a URL (Universal Resource Locator) 1132 over a network
1144. The client 1136 can present the downloaded content on a user's monitor
1142, speaker, etc. As shown, the client 1136 includes "trust validator" software
1138 that validates certification of downloaded content. The validator 1138 may
operate as a background process that monitors content received by the browser
1140, for example, calls to or from the browser API (application
programming interface). Alternatively, validator 1138 functions may be directly
integrated into the browser 1140.

The validator 1138 can validate content certification using
certification information associated with the content. For example, the validator
1138 can compare certification information determined for the content
prior to transmission to the client with certification information
determined after transmission.

In more detail, a certification process produces certification
information 1134 based on the certified content(s). Typically, this information
1134 is produced using a "one-way" function. For example, a hashing function
may use all or some portion of the ASCII characters in HTML (HyperText
Markup Language) commands that define a page to produce a set of output bytes.
Given the same input, the hashing function produces the same output. Popular
hashing functions known as MD5 and SHA can produce relatively small output
for large pages.

The certification information 1134 derived from the content may be
included in the content itself, for example, as data, for example, as signature
and/or manifest elements of an XML (Extensible Markup Language) page or as
an HTML "Meta" element. When the certification information 1134 is included
in the content, it must be removed before redetermining the certification
information.

Alternatively, the information 1134 may be included in the header of
an HTTP (HyperText Transfer Protocol) message sent by the server 1130. In yet
another implementation, the trust validator 1138 may independently request
certification information 1134 for the downloaded content. For example, the site
may provide a file (e.g., "factpoint.txt") at a predefined location (e.g.,
"www.…/factpoint.txt") that lists where certification information for
site content can be found. The file may refer to other sites where the content has
been copied.

FIG. 38 shows a process 1138 the trust validator can use to validate
certification of downloaded content. First, the trust validator obtains 1150 the
downloaded content (e.g., a page or portion of a page) and the certification
information associated with the content. The trust validator 1138 can obtain this
information from the browser 1140 or can establish an independent connection
with the server 1130. The trust validator 1138 can independently determine
certification information using 1152 the one-way function on the received
content. By comparing 1154 the received certification information and the
independently determined certification information, the validator 1138 can
determine 1154 whether the page 1132 has been altered since certification and
notify a user of such a change. The trust validator may also notify a web-site
administrator if certification validation fails so the administrator can investigate
uncertified content offered by the site.
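
The FIG. 38 comparison for a page that carries its own certification information in an HTML "Meta" element, including the removal step required before rehashing (an added example, not code from the application). The element name `certification-hash`, SHA-256 standing in for MD5/SHA, and the sample page are assumptions made for illustration.

```python
import hashlib
import re

# Hypothetical element name; the text only says an HTML "Meta" element.
META_NAME = "certification-hash"
META_RE = re.compile(
    r'<meta\s+name="' + re.escape(META_NAME) + r'"\s+content="([0-9a-fA-F]{64})"\s*/?>\s*'
)

# Constructed sample page.
SAMPLE_PAGE = (
    "<html><head><title>Rates</title></head>"
    "<body><p>Current rate: 5.25%</p></body></html>"
)


def digest(page: str) -> str:
    """One-way function over the page text (SHA-256 is an assumption)."""
    return hashlib.sha256(page.encode("utf-8")).hexdigest()


def certify(page: str) -> str:
    """Publisher side: hash the bare page, then embed the hash before </head>."""
    if META_RE.search(page):
        raise ValueError("page already carries certification information")
    tag = '<meta name="%s" content="%s">\n' % (META_NAME, digest(page))
    head_end = page.index("</head>")
    return page[:head_end] + tag + page[head_end:]


def validate(received: str) -> str:
    """Validator side: returns 'certified', 'altered' or 'uncertified'."""
    claimed = META_RE.findall(received)
    if not claimed:
        return "uncertified"
    if len(claimed) > 1:
        return "altered"  # more than one claimed hash is ambiguous
    # Remove the embedded information before redetermining the hash.
    bare = META_RE.sub("", received, count=1)
    return "certified" if digest(bare) == claimed[0].lower() else "altered"


def naive_validate(received: str) -> bool:
    """Failure mode: hashing the page as received, embedded element included."""
    claimed = META_RE.findall(received)
    return bool(claimed) and digest(received) == claimed[0].lower()


if __name__ == "__main__":
    signed = certify(SAMPLE_PAGE)
    print(validate(signed))                           # untouched page
    print(validate(signed.replace("5.25", "9.75")))   # body changed in transit
    print(validate(SAMPLE_PAGE))                      # no certification information
    print(naive_validate(signed))                     # rejects even the untouched page
```

A bare embedded hash only catches changes made by someone who does not also recompute the hash, which is why the text below pairs an unsigned hash with a secure connection and otherwise signs it.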

FIG. 39 shows a scheme that can not only detect tampering, but that
can also identify and authenticate the entity or entities certifying content. This
scheme features certification information that includes a hash digitally signed by
one or more certifying entities. A digital signature 1160, much like a handwritten
signature on a piece of paper, provides a degree of certainty that a particular
entity signed the content in question.

One digital signature scheme uses a private encryption key known
only to the signer and a public encryption key that may be freely distributed.
Information encrypted with the private key can only be unencrypted with the
public key. Thus, an entity certifying content can encrypt a hash of the content
with their private key. Only the public key associated with the entity can
properly decrypt the hash. For example, a hash of content may be encrypted
using a private key assigned to a web-site and decrypted using a public key
included in the site's certificate. A wide variety of other digital signature
schemes may be used such as an exchange of a single encryption key or the use
of physical devices such as smart cards.

In the system of FIG. 39, information needed to validate a digital
signature may be included with the certification information. The information
may include an X.509 certificate for each entity signing the hash. For example,
an X.509 certificate may include the public key needed to decrypt the hash of the
page 1132, a description of the entity holding the private key, and the digital
signature of some authority such as VeriSign® testifying to the truth of the
information in the certificate (i.e., that the entity claiming to have signed the hash
is actually the claimed entity). In another embodiment, the information needed to
validate a digital signature (or a reference to this information) may be provided
by one or more DSig (Digital Signature Users Group) digital signature blocks.

As shown in FIG. 40, after receiving the certification information
(e.g., digital signature and certificates), the trust validator 1138 can use the public
key included in the certificate to extract the hash included in the digital signature.
The trust validator 1138 can also follow the chain of authority 1162, for example,
by asking VeriSign® if the public key received is really the public key of the
entity claiming to have signed the hash. The trust validator can include
information about the chain of authority in a display such as the dialog shown in
FIG. 36. After extracting the hash from the certification information, the trust
validator 1138 can conclude the page was altered or was never certified to begin
with and can notify a user using the techniques described above.

If the certification information includes a digitally signed hash, the
certification information may be transmitted over an insecure connection. If,
however, the certification information only includes a hash, a secure connection
such as a secure socket layer (SSL) connection may be preferred.

As shown in FIG. 41, instead of a single digital signature or hash,
certification information may include a manifest 1170 for content included in a
page. The manifest 1170 itself may be hashed and digitally signed. As shown in
FIG. 42, the manifest 1170 can include the hash values of different page 1130
content. For example, the manifest 1170 shown includes a different hash value
for each picture displayed on the page. The trust validator 1138 can use this
information to validate each portion of a page individually. The validator 1138
can also use criteria to produce an overall estimation of page certification. These
criteria may be provided by rules included in the manifest 1170 (e.g., defining
valid content collections), logic hard-coded into the validator, and/or as logic
provided by user-supplied code (e.g., a Java script). By default, the validator
1138 can describe the page as having the lowest certification status of any content
in the page. For example, if any content on the page has expired, the page as a
whole is deemed expired. The validator 1138 may use similar logic for frames.
That is, the overall certification status of a display is determined by the worst
certification status of any content in any displayed frame.

In some implementations, the trust validator 1138 can alert a user to
revocation, expiration, and other certification statuses of downloaded content.
FIG. 43 shows a server 1130 that includes a database table 1182 describing
available content 1132. The table 1182 can include an expiration date for
certification, a blanket revocation of certification, and other information. Upon
receiving content, the trust validator 1138 can transmit a validation request to
validation software 1180 on the server 1130. The validation software 1132 can
access the table 1182 to verify the content was certified and determine whether
the content has expired or has been revoked. The validation software 1132 can
transmit the results back to the trust validator 1138.

Though information in the table 1182 may be included in the
certification information received by the client, the table 1182 enables an
administrator to centrally alter certification information. The server table 1182
can also be used to provide content "versioning". For example, a website may
certify a more recent version of information for a URL. Validation software can
look for valid versions of a URL when a client attempts to validate expired or
revoked content.
FIG. 44 describes this validation process in greater detail. After
receiving the content and its corresponding certification information 1200 and
independently determining the certification 1204 for the content, the validator
1138 can preliminarily determine if the content is certified without accessing the
server 1130. For additional validation, the validator 1138 can also transmit 1206
certification information (e.g., the hash) to the server validation software for
look-up in the server table 1182. The server table 1182 can not only verify that
the content has not expired or been revoked, the server table 1182 can also
identify more recent content that replaces the content the user downloaded (e.g.,
the URL for the hash submitted has another table entry that has not been
revoked). The trust validator can then establish a connection to download the
valid version for display in the browser.
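
The manifest check of FIGS. 41-42 combined with the server table look-up of FIGS. 43-44, including the default worst-status rule and the search for a replacement version (an added example, not code from the application). The table layout, the severity order, SHA-256 and all sample data are assumptions; checking the signature on the manifest itself is left out.

```python
import hashlib
from datetime import date

# Assumed order, best to worst. The text fixes no order; it only says a page
# takes the lowest status of any content in it.
SEVERITY = ["certified", "expired", "revoked", "altered", "uncertified"]


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption


def build_manifest(parts):
    """One hash per piece of page content, as in FIG. 42."""
    return {name: digest(body) for name, body in parts.items()}


def register(table, url, body, expires, revoked=False):
    """Certification side: add a row to the server table (hypothetical layout)."""
    table[digest(body)] = {"url": url, "expires": expires, "revoked": revoked}


def item_status(name, body, manifest, table, today):
    expected = manifest.get(name)
    if expected is None:
        return "uncertified"      # content the manifest never covered
    if digest(body) != expected:
        return "altered"          # local check, no server access needed
    row = table.get(expected)     # server look-up by submitted hash
    if row is None:
        return "uncertified"
    if row["revoked"]:
        return "revoked"
    if row["expires"] < today:
        return "expired"
    return "certified"


def page_status(parts, manifest, table, today):
    """Return (overall, per_item); overall is the worst status of any content."""
    per_item = {n: item_status(n, b, manifest, table, today) for n, b in parts.items()}
    if not per_item:
        return "uncertified", per_item
    return max(per_item.values(), key=SEVERITY.index), per_item


def replacement_for(submitted_hash, table, today):
    """Versioning: another valid table entry for the same URL, or None."""
    row = table.get(submitted_hash)
    if row is None:
        return None
    for other_hash, other in table.items():
        if (other_hash != submitted_hash and other["url"] == row["url"]
                and not other["revoked"] and other["expires"] >= today):
            return other_hash
    return None


def sample():
    """Constructed sample: a page with two pictures, one certification expired."""
    today = date(2000, 2, 8)
    parts = {
        "index.html": b"<html><body>Quarterly results</body></html>",
        "logo.gif": b"GIF89a logo v1",
        "chart.gif": b"GIF89a revenue chart",
    }
    table = {}
    register(table, "/index.html", parts["index.html"], date(2000, 12, 31))
    register(table, "/logo.gif", parts["logo.gif"], date(1999, 12, 31))
    register(table, "/chart.gif", parts["chart.gif"], date(2000, 12, 31))
    register(table, "/logo.gif", b"GIF89a logo v2", date(2000, 12, 31))
    return parts, build_manifest(parts), table, today


if __name__ == "__main__":
    parts, manifest, table, today = sample()
    print(page_status(parts, manifest, table, today))
    print(replacement_for(manifest["logo.gif"], table, today))
```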

FIG. 45 shows a secure architecture that distributes server certification
and validation functions between a certification server 1218 and a validation
server 1232. The certification server 1218 includes certification software 1220
that certifies submitted content 1214. The certification server 1218 also adds
table 1182 entries as content is certified.

An administration tool 1216 can manage information stored in the
table, for example, to specify an expiration date, delete certification, or revoke
certification for content.

The certification software 1220 may certify a single piece of content
or a collection of web-pages using a certification "spider." Certification may be
performed for fixed or dynamically constructed content. After certification, the
certification server can place certified content on the validation server for
distribution.

The validation server 1232 includes validation software 1228 that
accesses the certification server 1220 table 1182 in response to client validation
requests. The validation server 1232 may maintain a cache of validation data to
reduce the time spent serving client requests.

Embodiments 

The techniques described here are not limited to any particular
hardware or software configuration; they may find applicability in any computing
or processing environment. For example, functions described as being performed
by a certification server can be distributed across different platforms.

The techniques may be implemented in hardware or software, or a
combination of the two. Preferably, the techniques are implemented in computer
programs executing on programmable computers that each include a processor, a
storage medium readable by the processor (including volatile and non-volatile
memory and/or storage elements), at least one input device, and one or more
output devices. Program code is applied to data entered using the input device to
perform the functions described and to generate output information. The output
information is applied to one or more output devices.

Each program is preferably implemented in a high level procedural or
object oriented programming language to communicate with a computer system.
However, the programs can be implemented in assembly or machine language, if
desired. In any case, the language may be a compiled or interpreted language.

Each such computer program is preferably stored on a storage
medium or device (e.g., CD-ROM, hard disk or magnetic diskette) that is
readable by a general or special purpose programmable computer for configuring
and operating the computer when the storage medium or device is read by the
computer to perform the procedures described in this document. The system may
also be considered to be implemented as a computer-readable storage medium,
configured with a computer program, where the storage medium so configured
causes a computer to operate in a specific and predefined manner.

Other embodiments are within the scope of the following claims.

What is claimed is:

1. A method of processing content, comprising:
storing verification information corresponding to certified content at a
first computer;
receiving a verification request corresponding to content from a
second computer;
determining verification information for the content corresponding to
the verification request; and
comparing the determined verification information with the stored
verification information.


2. The method of claim 1, further comprising receiving content
certification criteria.

3. The method of claim 2, wherein certified content comprises
content satisfying the content certification criteria.

4. The method of claim 2, wherein content certification criteria
comprises a list of required approval.

5. The method of claim 2, wherein content certification criteria
comprises programmed logic.

6. The method of claim 1, further comprising storing certification
information.

7. The method of claim 6, wherein certification information
comprises at least one of the following: a type of certification granted, entities
approving certification, and when the content was certified.

8. The method of claim 1, wherein verification information comprises
information derived from the content.

9. The method of claim 8, wherein information derived from the
content comprises at least one hash key.

10. The method of claim 1, wherein the verification request includes
a URL (Uniform Resource Locator).

11. The method of claim 10, wherein determining verification
information comprises collecting content from the URL included in the
verification request.

12. The method of claim 1, wherein the verification request includes
content.

13. The method of claim 12, wherein determining verification
information comprises determining verification information for the content
included in the verification request.

14. The method of claim 1, wherein the verification request includes
verification information.

15. The method of claim 14, wherein determining verification
information comprises using the verification information included in the
verification request.

16. The method of claim 1, wherein receiving a verification request
comprises receiving a request caused by user interaction with a certification
indicator.

17. The method of claim 16, wherein the certification indicator is
included in the content.

18. The method of claim 16, wherein the certification indicator
comprises a graphic image having associated instructions that produce a
verification request.

19. The method of claim 1, further comprising transmitting
certification information to the second computer.

20. The method of claim 1, wherein the content comprises at least one
of the following: graphics, text, animation, sound, and instructions.

21. The method of claim 1, wherein the content comprises a web-
page.

22. The method of claim 1, wherein comparing comprises issuing
verification requests to connected certification servers.

23. A method, comprising:
presenting an indication that content has received certification;
receiving user input requesting verification that the content has
received the certification indicated;
transmitting a certification verification request to a certification
server; and
receiving information describing whether the content has actually
received the certification presented by the indication.

24. The method of claim 23, wherein presenting an indication
comprises presenting a user interface control.

25. The method of claim 24, wherein receiving user input comprises
receiving user input via the user interface control.

26. The method of claim 23, further comprising displaying
information included in the information received.

27. The method of claim 23, wherein the information received
comprises at least one of the following: content authorship, revision number,
expiration date, and type of certification.

28. The method of claim 23, wherein transmitting a certification
verification request comprises transmitting verification information determined
from the content.

29. The method of claim 28, wherein the verification information
comprises a hash key.

30. The method of claim 23, wherein transmitting a certification
verification request comprises transmitting information included in the content.

31. The method of claim 23, wherein transmitting a certification
verification request comprises transmitting a URL.

32. A method of controlling content distribution, comprising:
receiving certification requirements for content to be distributed;
identifying content to be distributed; and
determining whether the identified content satisfies the received
certification requirements.

33. The method of claim 32, wherein identifying content comprises
receiving a request for content.

34. The method of claim 32, wherein identifying content comprises
collecting content from a set of locations.

35. The method of claim 32, wherein determining comprises
identifying at least one digital signature associated with the content.

36. The method of claim 32, wherein the determining comprises
determining verification information for the content.

37. A method of processing content received from a networked
computer in response to a browser request for content, the method comprising:
receiving certification information associated with content received by
the browser;
determining a certification status for content based on the received
certification information; and
displaying at least one indication of the determined certification status
of the content.

38. The method of claim 37, wherein the indication comprises a
persistent indication displayed with the content.

39. The method of claim 37, wherein the indication comprises a
taskbar button.

40. The method of claim 37, wherein the indication comprises a tray
icon.

41. The method of claim 37, wherein displaying at least one
indication comprises processing the content to include one or
more indications.

42. The method of claim 41, wherein processing the content
comprises altering visual representation of the content.